Senator Franken asks Apple for privacy guarantees around Face ID data

A friendly letter from Senator Al Franken (D-MN) to Apple requests that the latter provide a few more details on the tech behind its Face ID system, which allows users to unlock their iPhone X using facial recognition.

It’s very far from a nastygram; the Senator pretty clearly just wants to cover a bit more ground than Apple had time for in its presentation yesterday. He writes:

I am encouraged by the steps that Apple states it has taken to implement the system responsibly. However, substantial questions remain about how Face ID will impact iPhone users’ privacy and security, and whether the technology will perform equally well on different groups of people. To offer clarity to the millions of Americans who use your products, I ask that you provide more information on how the company has processed these issues internally, as well as any additional steps that it intends to take to protect its users.

Face ID, which uses a Kinect-like system to scan the user’s face and only lets a matching faceprint unlock the phone, is being treated with some skepticism in the tech community. An onstage flub during the iPhone event didn’t help, but there are some usability concerns (how do you unlock your phone while it’s on the table a couple of feet away? Surely not a PIN?) and privacy ones as well.

His letter today is well-informed as to the potential weaknesses of facial recognition systems. For example, he asks what the source was for the billion face images Apple touted as the training set for the system, since a lack of diversity there could lead to underrepresented groups being unable to use Face ID.

He also asks whether Apple has any plans to use faceprint data for any purpose other than Face ID, whether it’s possible for Apple or any interested third party to extract that data from the phone, and whether the data might be stored remotely.

Interestingly, he asks whether there are any protections against a person being forced to unlock the phone by someone else holding it up to their face. Kind of dark, Senator!

Lastly, he asks how Apple will respond to law enforcement requests for faceprint data. That’s a sticky issue right now considering the amount of pressure tech companies are under to identify users, respond to law enforcement requests and so on.

If Apple’s answers are anything like the answers it gave in its response to the 2013 letter, the gist will be that because the faceprint is stored in the Secure Enclave and therefore is inaccessible to Apple, its services or its partners, many of these questions will be moot.

For the remaining questions, however, I look forward to Apple’s responses and evasions, each of which will likely be illuminating in its own way. Apple is requested to respond to the Senator by October 13.